While calling 'Document Upload WEB API' need to restrict specific file extension.

RE: While calling 'Document Upload WEB API' need to restrict specific file extension.

udhay kumar — Fri, 03 Dec 2021 16:19:50 GMT

There is no way to restrict it as of now (still we can show validation error as a response) . Appian converts binary file request to appian document immediately when the external system hits Api . One solution for this is you can create a scheduler to delete unnesasary documents which will run daily or weekly

RE: While calling 'Document Upload WEB API' need to restrict specific file extension.

Stefan Helzle — Wed, 24 Nov 2021 08:18:00 GMT

A file by itself is no security threat. AFAIK this kind of restriction is not supported. My clients typically put some kind of API management in from of Appian in which we implement this kind of restrictions.

RE: While calling 'Document Upload WEB API' need to restrict specific file extension.

diptis829231 — Wed, 24 Nov 2021 08:10:04 GMT

Stefan Helzle Main concern is that there exists vulnerability, the API is vulnerable to unrestricted file upload. The API allows to upload file and even if someone sends .exe executable file , then also WEBAPI which created at Appian allows the document to be stored in target folder. Can we restrict this before hand??

RE: While calling 'Document Upload WEB API' need to restrict specific file extension.

Stefan Helzle — Wed, 24 Nov 2021 07:45:58 GMT

The file itself is uploaded and stored in the target folder before the API code is executed. I think this is what you are seeing.

Why not just start a process which checks the extension and deletes the file if it is the wrong one. If you enable some chaining, you can return values from the process to the API and return appropriate messages.